Package ch.ivyteam.ivy.security
Interface ISecurityContext
-
- All Superinterfaces:
org.eclipse.core.runtime.IAdaptable
,ISynchronizableSecuritySystem
public interface ISecurityContext extends org.eclipse.core.runtime.IAdaptable, ISynchronizableSecuritySystem
The security context is responsible to manage users, roles and sessions.- Since:
- 17.05.2006
- API:
- This is a public API.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Deprecated Methods Modifier and Type Method Description void
checkPermission(ISecurityDescriptor securityDescriptor, IPermission permission)
Checks if the current session has a certain permission on the security descriptorISession
createSession()
Creates a new sessionISession
createSession(int sessionIdentifier)
Creates a new sessionIUser
createUser(String userName, String fullUserName, String password, Locale eMailLanguage, String eMailAddress, String externalSecuritySystemName)
Creates a new well-known uservoid
deleteUser(String userName)
Deletes a well-known uservoid
destroySession(int sessionIdentifier)
Destroys a session<T> T
executeAs(Callable<T> callable, ISession executionContext)
Executes the callable in the context of the given execution contextIRole
findRole(long roleId)
Find a role by its identifierIRole
findRole(String roleName)
Finds a role by its nameISecurityMember
findSecurityMember(String securityMemberName)
Finds a security member with its nameISession
findSession(int sessionIdentifier)
Find sessionIUser
findUser(long userId)
Find a user by its identifierIUser
findUser(String userName)
Find a user by its name.IUser
findUserWithoutLookup(String userName)
Finds a user by its name.List<IRole>
getActiveRoles()
ClusterSessionsSnapshot
getClusterSessionsSnapshot()
CallsgetClusterSessionsSnapshot(long)
with the default value of maxAge=1000 (1 second)ClusterSessionsSnapshot
getClusterSessionsSnapshot(long maxAge)
Returns a snapshot containing information of all sessions at the time this method was invoked.ISession
getCurrentSession()
Gets the current session.String
getExternalSecuritySystemName()
Gets the name of the external security system providerIExternalSecuritySystemProvider
getExternalSecuritySystemProvider()
The external security system providerlong
getId()
Gets the identifier of the security contextList<IRole>
getRoles()
long
getSessionCount()
Get count of all sessions of this local running engine.List<ISession>
getSessions()
Gets all sessions of the web application.IUser
getSystemUser()
Gets the system userISession
getSystemUserSession()
Gets the session of the system userIRole
getTopLevelRole()
Returns the top level roleIUserQueryExecutor
getUserQueryExecutor()
Deprecated.useusers()
.queryExecutor()
;List<IUser>
getUsers()
WARNING: This methods loads the all users into memory.
This can cause out of memory exceptions and bad performance depending on the number of users in your application.boolean
hasPermission(ISecurityDescriptor securityDescriptor, IPermission permission)
Checks if the current session has a certain permission on the security descriptorIUserRepository
users()
Gets the user repository of this security context.-
Methods inherited from interface ch.ivyteam.ivy.security.synch.ISynchronizableSecuritySystem
isSynchronizationRunning, synchronizeUser, triggerSynchronization, triggerSynchronization
-
-
-
-
Method Detail
-
getRoles
List<IRole> getRoles()
- Returns:
- All roles. Flat without any hierarchy, but the child roles of a role are always behind the parent role.
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
- Security:
- SESSION OWNS RoleReadAll PERMISSION OR OWNS RoleReadAll@SYSTEM PERMISSION
-
getActiveRoles
List<IRole> getActiveRoles()
- Returns:
- all roles which could be actively used by the system. Flat without any hierarchy, but the
child roles of a role are always behind the parent role.
In comparison togetRoles()
thoseroles
will be excluded, which only exists in outdated Process Model Versions. - Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
getTopLevelRole
IRole getTopLevelRole()
Returns the top level role- Returns:
- top level role
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
- Security:
- SESSION OWNS RoleReadAll PERMISSION OR OWNS RoleReadAll@SYSTEM PERMISSION
-
findRole
IRole findRole(String roleName)
Finds a role by its name- Parameters:
roleName
- The name of a role- Returns:
- role or null if no role was found
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
- Security:
- SESSION OWNS RoleReadAll PERMISSION OR OWNS RoleReadAll@SYSTEM PERMISSION
-
findRole
IRole findRole(long roleId)
Find a role by its identifier- Parameters:
roleId
- the identifier of the role- Returns:
- the role or null if role is not found
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS RoleReadAll PERMISSION OR OWNS RoleReadAll@SYSTEM PERMISSION
-
createUser
IUser createUser(String userName, String fullUserName, String password, Locale eMailLanguage, String eMailAddress, String externalSecuritySystemName)
Creates a new well-known user- Parameters:
userName
- The user namefullUserName
- The user's full namepassword
- The user's passwordeMailLanguage
- the language the e-mail notifications are written ineMailAddress
- The users e-mail addressexternalSecuritySystemName
- the name of the user in the external security system- Returns:
- created user
- Throws:
PersistencyException
- if persistency access fails or user already exists- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
deleteUser
void deleteUser(String userName)
Deletes a well-known user- Parameters:
userName
- The user name- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
findUser
IUser findUser(String userName)
Find a user by its name. Does lookup the user in the external security system (e.g Active Directory) if the user is not yet synchronized.- Parameters:
userName
- the name of the user to find- Returns:
- user or
null
if no user with the name exists (also in the external security system if configured) - Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
findUserWithoutLookup
IUser findUserWithoutLookup(String userName)
Finds a user by its name. Does not lookup the user in the external security system (e.g Active Directory) if the user is not synchronized yet.- Parameters:
userName
- the name of the user to find- Returns:
- user or
null
if no user with the name exists or the user was not yet synchronized from the external security system - Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
findUser
IUser findUser(long userId)
Find a user by its identifier- Parameters:
userId
- the identifier of the user- Returns:
- the user or null if user is not found
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
getSystemUser
IUser getSystemUser()
Gets the system user- Returns:
- system user
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
- Security:
- SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION
-
createSession
ISession createSession(int sessionIdentifier)
Creates a new session- Parameters:
sessionIdentifier
- the session identifier- Returns:
- new session
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SessionCreate PERMISSION OR OWNS SessionCreate@SYSTEM PERMISSION
-
createSession
ISession createSession()
Creates a new session- Returns:
- new session
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
findSession
ISession findSession(int sessionIdentifier)
Find session- Parameters:
sessionIdentifier
- session identifier- Returns:
- session
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SessionReadAll PERMISSION OR OWNS SessionReadAll@SYSTEM PERMISSION
-
getSystemUserSession
ISession getSystemUserSession()
Gets the session of the system user- Returns:
- system user session
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
- Security:
- SESSION OWNS SessionReadAll PERMISSION OR OWNS SessionReadAll@SYSTEM PERMISSION
-
destroySession
void destroySession(int sessionIdentifier)
Destroys a session- Parameters:
sessionIdentifier
- session identifier- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in Java.
-
getUsers
List<IUser> getUsers()
WARNING: This methods loads the all users into memory.
This can cause out of memory exceptions and bad performance depending on the number of users in your application.- Returns:
- enumeration with all users
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS UserReadAll PERMISSION OR OWNS UserReadAll@SYSTEM PERMISSION
-
getSessions
List<ISession> getSessions()
Gets all sessions of the web application. In a cluster environment returns only the sessions of the local cluster node. To get information of session on all cluster nodes usegetClusterSessionsSnapshot()
- Returns:
- enumeration with the sessions
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SessionReadAll PERMISSION OR OWNS SessionReadAll@SYSTEM PERMISSION
-
getSessionCount
long getSessionCount()
Get count of all sessions of this local running engine.- Returns:
- count of sessions (without system user session)
- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
getClusterSessionsSnapshot
ClusterSessionsSnapshot getClusterSessionsSnapshot()
CallsgetClusterSessionsSnapshot(long)
with the default value of maxAge=1000 (1 second)- Returns:
- a cluster session snapshot. Never null
- Throws:
PersistencyException
- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
getClusterSessionsSnapshot
ClusterSessionsSnapshot getClusterSessionsSnapshot(long maxAge)
Returns a snapshot containing information of all sessions at the time this method was invoked. If there is only one cluster node theClusterSessionsSnapshot
contains the same information which can be fetched withgetSessions()
. If there are multiple cluster nodes theClusterSessionsSnapshot
contains as well information about sessions on other nodes. The parametermaxAge
controls how old theClusterSessionsSnapshot
can be. For example withmaxAge=5000
theClusterSessionsSnapshot
is maximal 5 seconds old. The longer themaxAge
is the less network traffic is caused.- Parameters:
maxAge
- in milliSeconds- Returns:
- a cluster session snapshot. Never null
- Throws:
PersistencyException
- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
hasPermission
boolean hasPermission(ISecurityDescriptor securityDescriptor, IPermission permission)
Checks if the current session has a certain permission on the security descriptor- Parameters:
securityDescriptor
- the security descriptor to check for the permissionpermission
- the identifier of the permission to check- Returns:
- true if session has permission, otherwise false
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
checkPermission
void checkPermission(ISecurityDescriptor securityDescriptor, IPermission permission)
Checks if the current session has a certain permission on the security descriptor- Parameters:
securityDescriptor
- the security descriptor to check for the permissionpermission
- the permission to check- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
getCurrentSession
ISession getCurrentSession()
Gets the current session. Gets the current session associated to the current thread- Returns:
- current session or null if current thread has no session associated
- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
findSecurityMember
ISecurityMember findSecurityMember(String securityMemberName)
Finds a security member with its name- Parameters:
securityMemberName
- the security member name- Returns:
- the security member found or null.
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
getExternalSecuritySystemName
String getExternalSecuritySystemName()
Gets the name of the external security system provider- Returns:
- name of the external security system provider
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityReadExternalSecuritySystemProvider PERMISSION OR OWNS SecurityReadExternalSecuritySystemProvider@SYSTEM PERMISSION
-
getExternalSecuritySystemProvider
IExternalSecuritySystemProvider getExternalSecuritySystemProvider()
The external security system provider- Returns:
- external security system provider
- Throws:
PersistencyException
- if persistency access fails- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
- Security:
- SESSION OWNS SecurityReadExternalSecuritySystemProvider PERMISSION OR OWNS SecurityReadExternalSecuritySystemProvider@SYSTEM PERMISSION
-
getId
long getId()
Gets the identifier of the security context- Returns:
- identifier
- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
executeAs
<T> T executeAs(Callable<T> callable, ISession executionContext) throws Exception
Executes the callable in the context of the given execution context- Type Parameters:
T
- the type of the result- Parameters:
callable
- the callableexecutionContext
- the execution context- Returns:
- the result of the callable
- Throws:
Exception
- if callable throws an exception- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
getUserQueryExecutor
@Deprecated(since="8.0.3") IUserQueryExecutor getUserQueryExecutor()
Deprecated.useusers()
.queryExecutor()
;Executor foruser queries
on this security context.- Returns:
- user query executor
- Since:
- 8.0.2
- See Also:
UserQuery
- API:
- This public API is available in IvyScript and Java. It has the visibility EXPERT.
-
users
IUserRepository users()
Gets the user repository of this security context. Allows to create, delete, find, queryusers
of this security context / application- Returns:
- user repository
- Since:
- 8.0.3
- API:
- This public API is available in IvyScript and Java. It has the visibility ADVANCED.
-
-